CVE-2026-2461

Mattermost Plugins versions =11.3 11.0.3 11.2.2 10.10.11.0 fail to implement authorisation checks on comment block modifications, which allows an authorised attacker with editor permission to modify comments created by other board members. Mattermost Advisory ID: MMSA-2025-00559...

CVE-2026-22202

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability that allows attackers to delete all comments associated with an email address by crafting a malicious GET request with a valid HMAC key. Attackers can embed the deletecomments action URL in image tags or other resources to...

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.1.6

Red Hat OpenShift Service Mesh 3.1.6 This update has a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.1....

SUSE-SU-2026:1062-1 Security update for python310

This update for python310 fixes the following issues: Update to Python 3.10.20: - CVE-2025-6075: quadratic complexity in os.path.expandvars bsc1252974. - CVE-2025-11468: header injection with carefully crafted inputs bsc1257029. - CVE-2025-12084: quadratic complexity in xml.minidom node ID cache...

EUVD-2026-15821

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-32441

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-32441 WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-32441

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

CVE-2026-32441

CVE-2026-32441 is a Missing Authorization vulnerability in the WordPress plugin Comments Import & Export for WooCommerce, affecting versions up to and including 2.4.9. Connected sources confirm the issue type but do not provide exploit vectors, exact root cause, or a published fix in the supplied...

CVE-2026-32441 WordPress Comments Import & Export plugin <= 2.4.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in WebToffee Comments Import & Export comments-import-export-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comments Import & Export: from n/a through = 2.4.9...

SUSE CVE-2026-26022

Gogs is an open source self-hosted Git service. Prior to version 0.14.2, a stored cross-site scripting XSS vulnerability exists in the comment and issue description functionality. The application's HTML sanitizer explicitly allows data: URI schemes, enabling authenticated users to inject arbitrar...

WordPress plugin Comments Import & Export 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

PT-2026-27997

Name of the Vulnerable Software and Affected Versions WebToffee Comments Import & Export versions n/a through 2.4.9 Description An authorization issue exists in WebToffee Comments Import & Export comments-import-export-woocommerce. The issue involves exploiting incorrectly configured access contr...

CVE-2026-33313 Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

CVE-2026-33313 Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

CVE-2026-33313 Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments

Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.0, an authenticated user can read any task comment by ID, regardless of whether they have access to the task the comment belongs to, by substituting the task ID in the API URL with a task they do have access to...

Vikunja 安全漏洞

Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.2.0 contained security vulnerabilities. These vulnerabilities were due to access control flaws in the API, which could allow authenticated users to read arbitrary task comments...

CVE-2026-23488 Blinko: multiple interfaces in the comment feature allow unauthorized access

Blinko is an AI-powered card note-taking project. Prior to version 1.8.4, the /api/v1/comment/create endpoint has an unauthorized access vulnerability, allowing attackers to post comments on any note including private notes without authorization, even if the note has not been publicly shared. The...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the task comments process. An attacker can access unauthorized comment data by manipulating identifiers in API requests. Remediation Upgrade github.com/go-vikunja/vikunja/pkg/models t...

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the task comments process. An attacker can access unauthorized comment data by manipulating identifiers in API requests. Remediation Upgrade code.vikunja.io/api/pkg/models to version...